Starwoods data breach just got both better and worse at the same time Marriott which owns hotel chain giant Starwood said it has revised the number of customers affected by its recently disclosed data breach from 500 million to fewer than 383 million unique guests That doesnt mean all those 383 million guests are affected Marriott said but the hotel giant still cant yet give a more precise number of customers whose data was stolen The bad news is that the company confirmed that more than five million unencrypted passport numbers were stolen on top of the more than 20 million encrypted passport numbers That might be a problem given passport numbers can be used for identity theft and to commit fraud but is the sort of data that remains highly valuable for spy agencies that can use the information to track down where government officials diplomats and adversaries have stayed giving insight into what would ordinarily be clandestine activities Marriott also said that 86 million unique payment card numbers were taken but only 354 000 cards were active and unexpired at the time of the breach in September The hotel giant said it had no evidence to show that the hackers stole the keys needed to decrypt the data but did not say how it came to that conclusion Starwoods security lapse became the largest data breach last year and remains one of the most damaging hacking incidents in recent memory The company said the contents of the stolen data were from the Starwood guest reservation database which it acquired when it bought Starwood and its 1 200 properties in 2016 for 13 billion Marriott said in its Friday update that it has completed the phase out of Starwoods reservation database and now runs guest bookings through its Marriott database which was not affected by the breach